Domain Kiting and Typosquatting – New Dangers of Malware
E-mail security vendor IronPort warns that 'domain kiters' and 'typosquatters' could join forces with malware authors to create a new threat for web users.
35 million domain names were registered in April 2006, of which 32.7 million were repeatedly used but were not permanently registered. These 32.7 million domain names were the target of a growing misuse of the domain system.
Domain kiting involves registrars who register large numbers of domain names to assess how much revenue those sites can generate; domains found to be unprofitable are canceled before the registrar has to pay for them. The domain kiting registrar puts up a simple website on every registered domain name. The site carries numerous search engine links, which the registrar hopes users will click when they visit the page. Whenever an Internet surfer clicks on any of the links, money is earned.
Typosquatting is a phenomenon that has existed for many years. Domains with addresses similar to more popular ones are registered to draw traffic from misspelled URLs. At best, typosquatters fill the domain pages with Google AdSense ads; at worst, they add spyware or malware. This year a Russian typosquatter victimized Google Inc. by registering the domain name "googkle.com"; an unsuspecting surfer who mistyped the search giant's domain name was flooded with Trojan droppers, downloaders, backdoors and spyware.
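A defender can screen hostnames taken from proxy or DNS logs for names that are one typing slip away from a protected domain, as "googkle.com" is from "google.com". The following is an added example, not code from the article or from IronPort; `PROTECTED`, `SAMPLE`, the function names and the last-two-labels shortcut are assumptions made for illustration.

```python
# Added example: flag hostnames one typing slip away from a protected domain.
PROTECTED = ["google.com"]  # assumption: replace with your own brand list
ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]  # QWERTY letter rows

def neighbours(ch):
    """Keys directly left and right of ch on its QWERTY row."""
    for row in ROWS:
        i = row.find(ch)
        if i != -1:
            return set(row[max(i - 1, 0):i] + row[i + 1:i + 2])
    return set()

def typo_kind(c, t):
    """Name the single edit that turns target t into candidate c, else None."""
    short = min(len(c), len(t))
    p = 0  # length of the common prefix
    while p < short and c[p] == t[p]:
        p += 1
    s = 0  # length of the common suffix that does not overlap the prefix
    while s < short - p and c[-1 - s] == t[-1 - s]:
        s += 1
    c_mid, t_mid = c[p:len(c) - s], t[p:len(t) - s]
    if len(c_mid) == 1 and not t_mid:
        # Extra character: is it next to either key it was typed between?
        near = any(c_mid in neighbours(x) for x in t[max(p - 1, 0):p + 1])
        return "adjacent-key insertion" if near else "insertion"
    if not c_mid and len(t_mid) == 1:
        return "omission"
    if len(c_mid) == 1 and len(t_mid) == 1:
        near = c_mid in neighbours(t_mid)
        return "adjacent-key substitution" if near else "substitution"
    if len(c_mid) == 2 and c_mid == t_mid[::-1]:
        return "transposition"
    return None

def registrable(host):
    """Last two labels of host; assumption standing in for a Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def scan(hostnames):
    """Return (hostname, protected domain, typo kind) for each lookalike."""
    hits = []
    for host in hostnames:
        for target in PROTECTED:
            kind = typo_kind(registrable(host), target)
            if kind:
                hits.append((host, target, kind))
    return hits

SAMPLE = ["www.google.com", "googkle.com", "mail.googel.com", "example.org"]  # constructed
```

Calling `scan(SAMPLE)` reports "googkle.com" as an adjacent-key insertion and "mail.googel.com" as a transposition, while the legitimate and unrelated names pass.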
Mr. Peterson, vice-president of technology at IronPort, said that although he was not aware of large-scale operations between the malware people, the spammers and typosquatters, from the time of the 'Sobig' virus, which was a joint creation of spammers and virus writers, there is every possibility of domain kiting and typosquatting merging together in future.
The practice of domain kiting and typosquatting benefits only a few organizations, which manipulate domain name systems, while it is an undesirable burden on every registry. One way to stop it is by charging 'Internet Corporation for Assigned Names and Numbers' (ICANN) a 25-cent non-refundable fee. This would considerably reduce abuse.
» SPAMfighter News - 08-09-2006